Versions

Telex Subject

What is Telex Subject?

Identified as a version of the CMI/ConvertAd family of malware ad-injectors, this adware which is typically bundled with third-party applications in unwanted software bundles will hijack the user's browser (Internet Explorer, Chrome and Firefox) and display unwanted ads. When running, the process will monitor and capture internet traffic and insert advertisements over existing ads or by placing new ads in white space. In either case, these ads are low in quality and even dangerous in many cases as they might be infected with malware javascript (malvertising). In addition to displaying these unwanted ads, the software runs as startup in the local application data via a registry run key and sends commands to the controlling server to request new ads based on the context of what the user is doing. This action will also report back to the server what domains the user visits, what URLs they enter as well as in some cases might send back cookies. If the sites visited are not SSL encrypted passwords and usernames might be sent to the server compromising the privacy and security of the user.

Overview

Upon installation and setup, it defines an auto-start registry entry which makes this program run on each Windows boot for all user logins. The main program executable is bnse1f67.exe. Typically most users end up uninstalling this just after a few days.